linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] Fix SLAB freelist randomization duplicate entries
@ 2017-01-03 18:19 Thomas Garnier
  2017-01-06  0:35 ` Andrew Morton
  0 siblings, 1 reply; 5+ messages in thread
From: Thomas Garnier @ 2017-01-03 18:19 UTC (permalink / raw)
  To: Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim,
	Andrew Morton
  Cc: linux-mm, linux-kernel, jsperbeck, Thomas Garnier

This patch fixes a bug in the freelist randomization code. When a high
random number is used, the freelist will contain duplicate entries. It
will result in different allocations sharing the same chunk.

Fixes: c7ce4f60ac19 ("mm: SLAB freelist randomization")
Signed-off-by: John Sperbeck <jsperbeck@google.com>
Reviewed-by: Thomas Garnier <thgarnie@google.com>
---
 mm/slab.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/mm/slab.c b/mm/slab.c
index 29bc6c0dedd0..4f2ec6bb46eb 100644
--- a/mm/slab.c
+++ b/mm/slab.c
@@ -2457,7 +2457,6 @@ union freelist_init_state {
 		unsigned int pos;
 		unsigned int *list;
 		unsigned int count;
-		unsigned int rand;
 	};
 	struct rnd_state rnd_state;
 };
@@ -2483,8 +2482,7 @@ static bool freelist_state_initialize(union freelist_init_state *state,
 	} else {
 		state->list = cachep->random_seq;
 		state->count = count;
-		state->pos = 0;
-		state->rand = rand;
+		state->pos = rand % count;
 		ret = true;
 	}
 	return ret;
@@ -2493,7 +2491,9 @@ static bool freelist_state_initialize(union freelist_init_state *state,
 /* Get the next entry on the list and randomize it using a random shift */
 static freelist_idx_t next_random_slot(union freelist_init_state *state)
 {
-	return (state->list[state->pos++] + state->rand) % state->count;
+	if (state->pos >= state->count)
+		state->pos = 0;
+	return state->list[state->pos++];
 }
 
 /* Swap two freelist entries */
-- 
2.11.0.390.gc69c2f50cf-goog

^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [PATCH] Fix SLAB freelist randomization duplicate entries
  2017-01-03 18:19 [PATCH] Fix SLAB freelist randomization duplicate entries Thomas Garnier
@ 2017-01-06  0:35 ` Andrew Morton
  2017-01-06 17:58   ` Thomas Garnier
  0 siblings, 1 reply; 5+ messages in thread
From: Andrew Morton @ 2017-01-06  0:35 UTC (permalink / raw)
  To: Thomas Garnier
  Cc: Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim,
	linux-mm, linux-kernel, jsperbeck

On Tue,  3 Jan 2017 10:19:08 -0800 Thomas Garnier <thgarnie@google.com> wrote:

> This patch fixes a bug in the freelist randomization code. When a high
> random number is used, the freelist will contain duplicate entries. It
> will result in different allocations sharing the same chunk.

Important: what are the user-visible runtime effects of the bug?

> Fixes: c7ce4f60ac19 ("mm: SLAB freelist randomization")
> Signed-off-by: John Sperbeck <jsperbeck@google.com>
> Reviewed-by: Thomas Garnier <thgarnie@google.com>

This should have been signed off by yourself.

I'm guessing that the author was in fact John?  If so, you should
indicate this by putting his From: line at the start of the changelog. 
Otherwise, authorship will default to the sender (ie, yourself).

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] Fix SLAB freelist randomization duplicate entries
  2017-01-06  0:35 ` Andrew Morton
@ 2017-01-06 17:58   ` Thomas Garnier
  2017-01-06 20:42     ` Andrew Morton
  0 siblings, 1 reply; 5+ messages in thread
From: Thomas Garnier @ 2017-01-06 17:58 UTC (permalink / raw)
  To: Andrew Morton
  Cc: Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim,
	Linux-MM, LKML, John Sperbeck

On Thu, Jan 5, 2017 at 4:35 PM, Andrew Morton <akpm@linux-foundation.org> wrote:
> On Tue,  3 Jan 2017 10:19:08 -0800 Thomas Garnier <thgarnie@google.com> wrote:
>
>> This patch fixes a bug in the freelist randomization code. When a high
>> random number is used, the freelist will contain duplicate entries. It
>> will result in different allocations sharing the same chunk.
>
> Important: what are the user-visible runtime effects of the bug?

It will result in odd behaviours and crashes. It should be uncommon
but it depends on the machines. We saw it happening more often on some
machines (every few hours of running tests).

>
>> Fixes: c7ce4f60ac19 ("mm: SLAB freelist randomization")
>> Signed-off-by: John Sperbeck <jsperbeck@google.com>
>> Reviewed-by: Thomas Garnier <thgarnie@google.com>
>
> This should have been signed off by yourself.
>
> I'm guessing that the author was in fact John?  If so, you should
> indicate this by putting his From: line at the start of the changelog.
> Otherwise, authorship will default to the sender (ie, yourself).
>

Sorry, I though the sign-off was enough. Do you want me to send a v2?

-- 
Thomas

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] Fix SLAB freelist randomization duplicate entries
  2017-01-06 17:58   ` Thomas Garnier
@ 2017-01-06 20:42     ` Andrew Morton
  2017-01-06 21:41       ` Thomas Garnier
  0 siblings, 1 reply; 5+ messages in thread
From: Andrew Morton @ 2017-01-06 20:42 UTC (permalink / raw)
  To: Thomas Garnier
  Cc: Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim,
	Linux-MM, LKML, John Sperbeck

On Fri, 6 Jan 2017 09:58:48 -0800 Thomas Garnier <thgarnie@google.com> wrote:

> On Thu, Jan 5, 2017 at 4:35 PM, Andrew Morton <akpm@linux-foundation.org> wrote:
> > On Tue,  3 Jan 2017 10:19:08 -0800 Thomas Garnier <thgarnie@google.com> wrote:
> >
> >> This patch fixes a bug in the freelist randomization code. When a high
> >> random number is used, the freelist will contain duplicate entries. It
> >> will result in different allocations sharing the same chunk.
> >
> > Important: what are the user-visible runtime effects of the bug?
> 
> It will result in odd behaviours and crashes. It should be uncommon
> but it depends on the machines. We saw it happening more often on some
> machines (every few hours of running tests).

So should the fix be backported into -stable kernels?

> >
> >> Fixes: c7ce4f60ac19 ("mm: SLAB freelist randomization")
> >> Signed-off-by: John Sperbeck <jsperbeck@google.com>
> >> Reviewed-by: Thomas Garnier <thgarnie@google.com>
> >
> > This should have been signed off by yourself.
> >
> > I'm guessing that the author was in fact John?  If so, you should
> > indicate this by putting his From: line at the start of the changelog.
> > Otherwise, authorship will default to the sender (ie, yourself).
> >
> 
> Sorry, I though the sign-off was enough. Do you want me to send a v2?

I have the patch as

From: John Sperbeck <jsperbeck@google.com>
Signed-off-by: John Sperbeck <jsperbeck@google.com>
Signed-off-by: Thomas Garnier <thgarnie@google.com>

Is that correct?  Is John the primary author?

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] Fix SLAB freelist randomization duplicate entries
  2017-01-06 20:42     ` Andrew Morton
@ 2017-01-06 21:41       ` Thomas Garnier
  0 siblings, 0 replies; 5+ messages in thread
From: Thomas Garnier @ 2017-01-06 21:41 UTC (permalink / raw)
  To: Andrew Morton
  Cc: Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim,
	Linux-MM, LKML, John Sperbeck

On Fri, Jan 6, 2017 at 12:42 PM, Andrew Morton
<akpm@linux-foundation.org> wrote:
> On Fri, 6 Jan 2017 09:58:48 -0800 Thomas Garnier <thgarnie@google.com> wrote:
>
>> On Thu, Jan 5, 2017 at 4:35 PM, Andrew Morton <akpm@linux-foundation.org> wrote:
>> > On Tue,  3 Jan 2017 10:19:08 -0800 Thomas Garnier <thgarnie@google.com> wrote:
>> >
>> >> This patch fixes a bug in the freelist randomization code. When a high
>> >> random number is used, the freelist will contain duplicate entries. It
>> >> will result in different allocations sharing the same chunk.
>> >
>> > Important: what are the user-visible runtime effects of the bug?
>>
>> It will result in odd behaviours and crashes. It should be uncommon
>> but it depends on the machines. We saw it happening more often on some
>> machines (every few hours of running tests).
>
> So should the fix be backported into -stable kernels?
>

I think it should, yes.

>> >
>> >> Fixes: c7ce4f60ac19 ("mm: SLAB freelist randomization")
>> >> Signed-off-by: John Sperbeck <jsperbeck@google.com>
>> >> Reviewed-by: Thomas Garnier <thgarnie@google.com>
>> >
>> > This should have been signed off by yourself.
>> >
>> > I'm guessing that the author was in fact John?  If so, you should
>> > indicate this by putting his From: line at the start of the changelog.
>> > Otherwise, authorship will default to the sender (ie, yourself).
>> >
>>
>> Sorry, I though the sign-off was enough. Do you want me to send a v2?
>
> I have the patch as
>
> From: John Sperbeck <jsperbeck@google.com>
> Signed-off-by: John Sperbeck <jsperbeck@google.com>
> Signed-off-by: Thomas Garnier <thgarnie@google.com>
>
> Is that correct?  Is John the primary author?

That's correct.

-- 
Thomas

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-01-06 21:41 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-01-03 18:19 [PATCH] Fix SLAB freelist randomization duplicate entries Thomas Garnier
2017-01-06  0:35 ` Andrew Morton
2017-01-06 17:58   ` Thomas Garnier
2017-01-06 20:42     ` Andrew Morton
2017-01-06 21:41       ` Thomas Garnier

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).